[Asterisk-Dev] app_meetme crash

Rob Gagnon rob at networkip.net
Wed Jun 2 15:33:39 MST 2004 

Here's the problem....

Line 928 of v1.36 app_meetme.c:
      cur = confs;
      if (!conf->users) {
          ...
      } else {
         /* Remove the user struct */
         if (user == cur->firstuser) {
          ......

The issue is that the Remove the user struct section thinks that cur-> is
same as conf-> at this point, but it is actually confs (with an s)

The entire else block should change "cur" to "conf" to become:
         /* Remove the user struct */
         if (user == conf->firstuser) {
            conf->firstuser->nextuser->prevuser = NULL;
            conf->firstuser = conf->firstuser->nextuser;
         } else if (user == conf->lastuser){
            conf->lastuser->prevuser->nextuser = NULL;
            conf->lastuser = conf->lastuser->prevuser;
         } else {
            user->nextuser->prevuser = user->prevuser;
            user->prevuser->nextuser = user->nextuser;
         }

So that the user is removed from the current conference, and not from
"confs" which is the head.

----- Original Message ----- 
From: "Rob Gagnon" <rob at networkip.net>
To: <asterisk-dev at lists.digium.com>
Sent: Wednesday, June 02, 2004 5:08 PM
Subject: Re: [Asterisk-Dev] app_meetme crash


> Hmmm....
>
> If  user->prevuser is NULL, then it SHOULD be the head of the list, in
which
> case the "if (user == cur->firstuser)" statement SHOULD have kicked in.
>
> So... this leads me to believe there is another bug some place else
actually
> causing the problem.
>
> I am not that familiar with the inerds of app_meetme, but from what I know
> of doubly-linked-lists, the if-statement you added should not be needed if
> the list integrity is maintained.
>
> Rob
> ----- Original Message ----- 
> From: "Jared Mauch" <jared at puck.nether.net>
> To: <asterisk-dev at lists.digium.com>
> Sent: Wednesday, June 02, 2004 4:29 PM
> Subject: [Asterisk-Dev] app_meetme crash
>
>
> >
> > See the patch, this will prevent it from coring, but could lead
> > to other issues.
> >
> > - Jared
> >
> > #0  0x003d2c1e in conf_run (chan=0x88aa400, conf=0x86ee8d8,
confflags=536)
> >     at app_meetme.c:942
> > 942                                     user->prevuser->nextuser =
> user->nextuser;
> > (gdb) print *user
> > $1 = {user_no = 1, prevuser = 0x0, nextuser = 0x88beba8, userflags =
536,
> >   adminflags = 0, chan = 0x88aa400,
> >   usrvalue = "test", '\0' <repeats 45 times>, jointime = 2586960}
> > (gdb) print *user->prevuser
> > Cannot access memory at address 0x0
> > (gdb) print *user->nextuser
> > $2 = {user_no = 2, prevuser = 0x0, nextuser = 0x8694058, userflags =
536,
> >   adminflags = 0, chan = 0x8878370,
> >   usrvalue = "test", '\0' <repeats 45 times>, jointime = 2586960}
> > (gdb) print user->nextuser->prevuser
> > $3 = (struct ast_conf_user *) 0x0
> > (gdb) print user->prevuser
> > $4 = (struct ast_conf_user *) 0x0
> > (gdb) print user->nextuser
> > $5 = (struct ast_conf_user *) 0x88beba8
> > (gdb) print user->prevuser
> > $6 = (struct ast_conf_user *) 0x0
> >
> > diff -u -r1.35 app_meetme.c
> > --- app_meetme.c        1 Jun 2004 22:54:18 -0000       1.35
> > +++ app_meetme.c        2 Jun 2004 21:27:24 -0000
> > @@ -939,7 +939,9 @@
> >                                 cur->lastuser = cur->lastuser->prevuser;
> >                         } else {
> >                                 user->nextuser->prevuser =
user->prevuser;
> > -                               user->prevuser->nextuser =
user->nextuser;
> > +                               if (user->prevuser != NULL) {
> > +                                       user->prevuser->nextuser =
> user->nextuser;
> > +                               }
> >                         }
> >                         /* Return the number of seconds the user was in
> the conf */
> >                         sprintf(meetmesecs, "%i", (int)
(user->jointime -
> time(NULL)));
> >
> > -- 
> > Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> > clue++;      | http://puck.nether.net/~jared/  My statements are only
> mine.
> > _______________________________________________
> > Asterisk-Dev mailing list
> > Asterisk-Dev at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-dev
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-dev
>
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list